Zero Touch installation makes phones easy to provision

Today we are announcing the launch of a new family of IP phones. Designed exclusively for use with FreePBX and PBXact and featuring Sangoma’s Zero Touch technology, which means they connect and operate quickly and easily, right out of the box.

The product line includes the entry-level s300, mid-range s500, and the s700 for the most demanding business environment. Each phone in the three model series features Power over Ethernet (PoE), so no power cable or outlets are required. They have full duplex speakerphones, dual Ethernet Ports, multi-way conference calling, high definition voice, and have built-in Virtual Private Network (VPN) capabilities.

“VoIP telephones can be complex to install, and manually configuring many different parameters with dozens or hundreds of extensions can take hours,” says Bill Wignall, President and CEO of Sangoma. “With Sangoma’s unique Zero Touch installation there is no complexity, since phones connect automatically with Sangoma’s PBX solutions and can be used as soon as they are plugged into the network. Zero touch provisioning saves customers significant time, frustration and money.”

When customers buy and install any of these Sangoma phones, the redirection server automatically sends the phone line to the Sangoma Private Branch eXchange (PBX) for configuration. Other vendors have redirection servers, but they have to be pre-programmed with the IP PBX.

Sangoma’s PBX solutions are available in two versions. FreePBX, an open source variant and as the PBXact brand, a commercial version. Both are available as software or can be pre-installed on telecom appliances. Only Sangoma can provide Zero Touch provisioning with FreePBX and PBXact.

Each phone also comes integrated with Sangoma EndPoint Manager Software. The software enables users to control global settings, program phone keys, map extensions to MAC addresses and templates, upload images, download new firmware, and scan the network for non-provisioned phones. Sangoma phones also feature Plug and Play deployment; native VPN for secure connections; phone and user management from the PBX control panel; and soft key functions like call flow management, queue management, presence, etc. Since the VPN client software is included with the phone, remote users can easily and securely access an office-based PBX. There’s no need for a VPN router at the remote or home office location. The system also traverses firewalls automatically.

Once Sangoma’s phones are installed, users can control advanced features directly from the phone. There’s no need to remember feature codes. There’s also no need to log in to the PBX panel to control the feature set.

Accessories such as headset adapters and power supply units (for networks without PoE) are also available. All Sangoma telephones come with a 1-year warranty and extended warranties are also available.

With this new line of smart VoIP phones, Sangoma can provide all the appliances, software and functionality a business needs for a sophisticated IP and Unified Communications system.

Sangoma is taking orders now for delivery in March 2016. You can purchase directly from one of the company’s stocking channel partners, or from within the Sangoma Portal.

As part of our ongoing efforts to expand the FreePBX EcoSystem we are happy to announce that Yealink has completed the Certification process to become a Certified Hardware Partner and included in the FreePBX EcoSystem Program.

Certification means that Yealink and The FreePBX Project engineering and development team now have a direct relationship and are work together to ensure that our shared end users and partners that wish to utilize Yealink devices when building their communications platforms have assurances that Yealink endpoints have been tested and provide great functionality and usability within the FreePBX Platform.

Certification also means that Yealink phones that have been submitted for Interoperability Testing are now officially supported within the FreePBX EndPoint Manager. EndPoint Manager support allows easy provisioning and management of supported endpoints directly from within the FreePBX Administrative GUI. In addition many Yealink phones also are now listed as a supported devices for running the popular FreePBX Phone Apps. Phone Apps integrate FreePBX features and calling functions directly within the supported phones interface. This integration allows enhanced usability and functionality for end users deploying FreePBX Communications Systems.

“With FreePBX, the world’s most popular open source PBX, Sangoma delivers a platform that allows organizations to build communications solutions to fit their needs,” said Preston McNair, Vice President of Sales at Sangoma. “By extending our relationship with Yealink, we are building on a collaborative alliance of Certified Hardware and Software Partners, that have been instrumental in the adoption of FreePBX worldwide and have delivered on the promise of an open standards-based UC solution for businesses of all sizes.”

“We at Yealink are pleased to see deepened cooperation with FreePBX through our expanded FreePBX-supported phone array,” said Stone Lu, Vice President of Yealink. “Our relationship with FreePBX reflects our consistent pursuit of the broadest possible compatibility and reliable yet flexible VoIP solutions,” he added. “We look forward to future cooperation with FreePBX as we jointly promote our solutions worldwide.”

Zulu UC is being built by the same team behind the world’s most popular open source PBX, FreePBX. It allows easy communication and collaboration integration with applications that people like you use everyday.

Get in on our pre-release promotion and license unlimited Zulu user connections for only $199 before October 31, 2015.

Take advantage of our Commercial Module 3-DAY PROMOTION!

From now through Wednesday September 30th, 2015 use the PROMO CODE “SEPT30” to receive an instant 30% discount on any 25-year commercial module, or commercial module bundle purchased from within the FreePBX Store.

This promo code is not valid on prior purchases or purchases made from within the PBX GUI. This sale ends September 30th, so please don’t ask us for a discount later if you miss it. All transactions must be completed and paid in full at time of check out!

On behalf of the FreePBX Project, thanks for your continued support and we hope you can take advantage of this great promotion!

In the cloud-enabled, highly networked world of VoIP, security is one of, if not THE, most important facets of proper software engineering. The FreePBX Development team takes security seriously, and when vulnerabilities are discovered or reported, we have a fantastic history of responding and mitigating issues quickly. We aim not to just resolve issues as they are discovered but have a goal of continually developing with security in mind – this is paramount in today’s world with many Big Bad Wolves constantly trying to get into your PBX.

Security is not just another bullet point item. You cannot just bolt it on at the end of the development process, or at the time of installation. You must consciously design security into your application or service from the very beginning, and make it a continuous part of the entire process from design through implementation to testing and release. To keep on top of this — and so that we implement the best security practices and methodologies as they evolve — we are continually revising and revisiting FreePBX code, from something that was written yesterday, to code that goes back more than 10 years!

Sadly, in today’s world of Internet telephony you are just as likely (if not more so!) to have a system attacked and compromised from within your local LAN as you are from an external connection, so implementing a firewall and other perimeter protections, while vital in themselves, are no longer enough.

There are some integrators that recommend you just do the equivalent of building your security out of a bundle of various different security packages – just like building your house out of sticks. Sure it might be quick and easy to do that, and yes – It’s true that the more obstacles you put in the way of a drive-by attacker, the more likely it is they will move on to other lower hanging fruit. But this often has the unexpected and unwanted consequence (we have seen in far too many instances) that when this ‘House of Sticks’ – because it hasn’t been planned and designed from the ground up – makes their platforms too restrictive to the end users, or even removes functionality inadvertently!

If user panels and other Unified Communications aspects of a system are too laborious to utilize then one of two things will happen – either people will not use them, or system administrators will start pulling sticks out! This has the potential to significantly weaken the security of the overall system in the process, as quite often there’s no obvious and documented reason WHY a random security policy was put in place.

So, instead of building your security policies with a bundle of sticks methodology, we focus on building and improving the core of the FreePBX platform, brick by brick. We ensure that everything from the OS, Asterisk, and FreePBX, is maintained and monitored as one. In several cases we have released patches for the FreePBX Distro before the upstream maintainers have! This is why we believe that a strong foundation is central to a strong and secure house, or phone system.

Security and system updates are built holistically, and are much more likely to survive attacks from the Big Bad Wolf, than systems built with straw and bundles of sticks. Even if the Big Bad Wolf huffs and puffs and blows away your bundle of sticks, we do our best to ensure that the core, made of bricks, is still going to be there, standing strong.

One recent example of our engineering in security is the Signature Checking, or Module Signing, that we implemented in FreePBX 12 and onward.

If you purchase a proprietary PBX platform, it’s shipped from the manufacturer pre-loaded with its own software and firmware. Not that you can typically interact with the code on those appliances, however since the return address on the package is from the manufacturer, you can reasonably trust that the software installed is authentic and unmodified. Even then, there have been well publicized cases of this not being true! We wanted a way to allow users to independently confirm that the FreePBX software on their server hadn’t been changed by an additional, unexpected third party.

Module Signing takes a two-pronged approach. The first avoids the most common issues on an insecure Internet – it validates that the packages you’re downloading and installing are the ones that you’re EXPECTING to download and install, by cryptographically signing the module packages (exactly the same, in fact, as Debian and Redhat do with DPKG and RPMS!)

The second is a constant monitoring of the FreePBX files on your system. If a file is changed, the FreePBX machine sends you an email, and displays a warning on every page, as soon as it detects that something wrong is happening.

Module Signing uses the standard, proven and well known, Web of Trust, as implemented by GPG. This is a decentralized trust model where there are many independent webs of trust, which any user (through their identity certificate or key) can be a part of.

Module Signing also assists in ensuring integrity and authenticity, by anyone being able to answer the two important questions “Who published this module?” and “Was this module changed since it was published?” Both of these questions are able to be easily answered, by even an unskilled user, by simply looking at the publisher of the module and making sure that no security alerts are being displayed.

We looked at what other Open Source projects were doing, and implemented Module Signing using the same methods that Redhat and Debian/Ubuntu are using, as these methods have been successfully proven to be secure. Coincidentally, almost immediately after we implemented and published Module Signing, we were alerted by the community to an active and in the wild vulnerability that was then quickly patched.

Next week we will discuss utilizing the FreePBX Distro, which not only gives you a quick method of installation of a FreePBX System, but also the OS and other dependencies while at the same time allowing you to keep the entire PBX platform updated.